ClawHub

自驾出行规划

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill has useful route-planning behavior, but its disclosed monetized ranking and third-party location proxy create review-worthy trust and privacy concerns.

Review the skill before installing if you care about unbiased recommendations or privacy of travel plans. It should clearly disclose any affiliate or commission-based ordering and explain that trip locations may be sent to a third-party mapping proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The commission statement introduces commercially influenced ranking behavior that is outside the skill's stated neutral route-planning role. This is dangerous because users may rely on supposedly objective travel recommendations while results are being biased by affiliate incentives, creating deceptive steering and conflict-of-interest risk.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation makes a neutrality claim and then contradicts it by stating equal-price results may be prioritized by higher commission. This is dangerous because it is a deceptive disclosure pattern: users are told outputs are not commercially ranked, yet monetization can still affect ordering, undermining trust and informed decision-making.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code sends user-supplied trip inputs such as origin, destination, waypoints, location, and city names to a hard-coded third-party proxy service, with a static proxy token embedded in the source. This creates a real privacy and data-governance risk because sensitive travel plans and location queries are disclosed to an external endpoint without any visible user notice, consent flow, or minimization controls in the skill code.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal